Sending Logs (Event Hooks)
==========================

You can send events to external locations, such as SIEM solutions, using several methods.

.. note:: To send email notifications, Outbound email and admin email notification settings must both be configured. See :doc:`/system/email`, :doc:`/system/admin-account`.

You can perform validation and transformation operations on logs through Workflow before sending events.

- You can send logs using data validated/transformed through Workflow.
- Macros that can be used for event transmission are available in Workflow.
- Macros such as {_NODE_IPSTR} can be used in Workflow in the format ${request._NODE_IPSTR}.
- After executing the Workflow, the results can be used in each event transmission setting in the format ${workflow} or ${workflow.result}, and JSON results defined in the Workflow's Response Body Template can be used in the format ${workflow.jsonKey}.

#. Select a **log filter**, click **edit**.
#. Click **Checkbox** for **Notification** (Administrator email / sms), **Syslog**, **SNMP Trap**, or **Webhook**.
#. Configure settings and Update.

Example Integration: Splunk
---------------------------

Integrate with Splunk using the following process:

1. In Splunk, configure a Local UDP input under **Settings > Data Inputs**.
2. Configure your desired **data input port** and enter your Genians policy server IP into the "Only accept connection from" section. (optional)
3. In Genians |product_name|, select syslog under the log filter of your choice.
4. Enter the **Server Address** of your Splunk server. For **Protocol**, select **UDP**, and for **server port**, select the **data input port** you defined on Splunk.
5. In the SYSLOG message section, enter the value: {_DATETIME},LOGTYPE={_LOGTYPE},LOGID={_LOGID},IP={_IP},MAC={_MAC},MSG={_FULLMSG}, DETAIL={_DETAILMSG}

   * This is necessary for the proper display of information in Splunk.

SNMP Trap Example
-----------------

SNMP Trap is mainly used for device-to-device event transmission. Configure transmission as follows:

#. Check SNMP trap in the selected search filter of Genian |product_name|.
#. Enter the server address of the SNMP Trap server.
#. Enter the Community string defined in the SNMP Trap server.
#. In the SNMP Trap message, enter the value {_DATETIME},LOGTYPE={_LOGTYPE},LOGID={_LOGID},IP={_IP},MAC={_MAC},MSG={_FULLMSG}, DETAIL={_DETAILMSG}.
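
The message template used in the Splunk and SNMP Trap examples above puts the free-text fields (MSG, DETAIL) last, and free text may contain commas. The following receiver-side parser is an added example, not Genians code; it anchors on the template's key order instead of splitting on commas. The timestamp format, field values and sample lines are constructed assumptions.

```python
import ipaddress
import re

# Key order follows the message template on this page. MSG and DETAIL are
# free text and may contain commas or "=", so the fixed keys are matched in
# order instead of splitting the line on ",".
EVENT_RE = re.compile(
    r"^(?P<datetime>[^,]*),LOGTYPE=(?P<logtype>[^,]*),LOGID=(?P<logid>[^,]*),"
    r"IP=(?P<ip>[^,]*),MAC=(?P<mac>[^,]*),"
    r"MSG=(?P<msg>.*?),\s*DETAIL=(?P<detail>.*)$",
    re.DOTALL,
)
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$")


def parse_event(line):
    """Return a dict of fields, or None if the line does not fit the template."""
    m = EVENT_RE.match(line.strip())
    if m is None:
        return None  # UDP input is unauthenticated: drop what does not parse
    event = {k: v.strip() for k, v in m.groupdict().items()}
    try:
        event["ip"] = str(ipaddress.ip_address(event["ip"]))
    except ValueError:
        event["ip"] = None  # empty or not a valid address
    if MAC_RE.match(event["mac"]):
        event["mac"] = event["mac"].upper().replace("-", ":")
    else:
        event["mac"] = None  # empty or not a valid MAC
    return event


# Constructed sample lines (illustrative values, not real product output).
SAMPLES = [
    "2024-05-01 10:15:00,LOGTYPE=150,LOGID=1001,IP=192.0.2.10,"
    "MAC=00-1a-2b-3c-4d-5e,MSG=New node detected, sensor=eth0, "
    "DETAIL=OS=Linux, vendor=Example",
    "2024-05-01 10:16:00,LOGTYPE=150,LOGID=1002,IP=,MAC=,MSG=Policy applied, DETAIL=",
    "garbage datagram without the expected keys",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_event(sample))
```

The MSG field ends at the first ``, DETAIL=`` in the line, so a message that itself contains that sequence cannot be told apart from the real field boundary.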